Re: client certificates unusable?

2009-03-23 Thread Kyle Hamilton
On Mon, Mar 23, 2009 at 7:27 PM, Eddy Nigg wrote: > On 03/24/2009 04:09 AM, Ian G: >> This would then mean that on adding an email account into Tbird, it >> automatically creates the public key pair.  On each email sent out, it >> includes the public key in a header.  On each email received, it gr

Re: client certificates unusable?

2009-03-23 Thread Eddy Nigg
On 03/24/2009 04:09 AM, Ian G: instead I'm asking you, how would you secure email OK, just quickly, coz we are way off topic. You started the off-topic I think... Two caveats: Firstly, email is the clunkiest awfulest of communications apps It's not relevant, albeit I might agree...but it

Re: client certificates unusable?

2009-03-23 Thread Ian G
On 24/3/09 01:48, Eddy Nigg wrote: On 03/24/2009 02:25 AM, Ian G: I haven't followed it in depth, but the primary way that the E.B.s have responded is to move their existing TAN system to a cellphone SMS (which the europeans call "handys", brits call them mobiles). A TAN is a transaction authent

Re: client certificates unusable?

2009-03-23 Thread Eddy Nigg
On 03/24/2009 02:35 AM, Ian G: You can disagree, fine. I even hate it. I despise the notion that someone can download and install software, pretend to be an expert, and get it going within maybe an hour, with no clue as to how it works. That's not how it was in my day! So we have actually a

Re: client certificates unusable?

2009-03-23 Thread Kyle Hamilton
On Mon, Mar 23, 2009 at 5:35 PM, Ian G wrote: >>> Hmmm, well, many questions abound: why wasn't it done? where was this >>> discussed? Why didn't client certs just happen? Why are we still using >>> passwords? >>> >> >> Good question, it's because it's so much more convenient and everybody >> is

Re: client certificates unusable?

2009-03-23 Thread Eddy Nigg
On 03/24/2009 02:25 AM, Ian G: I haven't followed it in depth, but the primary way that the E.B.s have responded is to move their existing TAN system to a cellphone SMS (which the europeans call "handys", brits call them mobiles). A TAN is a transaction authentication number which is distribut

Re: client certificates unusable?

2009-03-23 Thread Ian G
On 22/3/09 00:32, Eddy Nigg wrote: On 03/22/2009 12:55 AM, Ian G: I don't know about these things, but I recognise that badly configured servers are a pain. The servers I have experienced this with are Apache. They may be misconfigured, but the sysadms aren't agreeing at the moment, and talking

Re: client certificates unusable?

2009-03-23 Thread Ian G
On 23/3/09 20:36, Nelson B Bolyard wrote: Ian G wrote, On 2009-03-22 16:01 PDT: Man in the Browser. It is a term that seems to have caught on to describe what happens when the browser is taken over by malware, and it owns the interface. To solve the security problems that arise in online ban

Re: TC TrustCenter Root Inclusion Request

2009-03-23 Thread Eddy Nigg
Hi Rolf, Thank you for taking your time here. Please allow me a few more questions... On 03/23/2009 07:14 PM, Rolf Lindemann: 1. General description of the sub-CAs operated by third parties. --> This sub-CA 1 is used to issue certificates to company-internal devices. All relying parties are co

Re: AIA CA issuers. Re: client certificates unusable?

2009-03-23 Thread Eddy Nigg
On 03/23/2009 10:27 PM, Nelson B Bolyard: I'd change that last line to this; Click here to bet your career that this cert is genuine and not a forgery. I'd suggest that we also display the URL for the user to see before deciding, but we know that users would click without even looking at it. B

Re: JSS: How to load symmetric key from NSS DB?

2009-03-23 Thread Glen Beasley
alex.agra...@gmail.com wrote: I wonder how is it possible to load symmetric key that is stored inside the NSS DB via JSS API? I tried using KeyStore JCA class (as in org.mozilla.jss.tests.KeyStoreTest example): KeyStore ks = KeyStore.getInstance("Mozilla-JSS"); but it turns out that JSSProv

Re: NSPR assertion failure

2009-03-23 Thread Julien R Pierre - Sun Microsystems
Sreedhar, This is an assertion on a pthread_mutex_lock failure. What operating system and version are you running your application on? Using a debugger, can you print the value of rv and errno from your core file when you get this assertion? On Solaris 10, the possible error codes are EAG

Re: AIA CA issuers. Re: client certificates unusable?

2009-03-23 Thread Nelson B Bolyard
Eddy Nigg wrote, On 2009-03-23 11:20: > On 03/23/2009 08:13 PM, Nelson B Bolyard: >> Perhaps PSM should have a feature, used at cert import time, that discovers >> that the chain is incomplete and offers, at that time, to go and fetch the >> missing certs in the chain via AIA. > > Could this be a s

Re: client certificates unusable?

2009-03-23 Thread Nelson B Bolyard
Ian G wrote, On 2009-03-22 16:01 PDT: > Man in the Browser. It is a term that seems to have caught on to > describe what happens when the browser is taken over by malware, and it > owns the interface. To solve the security problems that arise in > online banking is more challenging, which is

Re: Firefox requires 2 times to select certificate for validation

2009-03-23 Thread dave davesons
2009/3/20 Nelson B Bolyard > > dave davesons wrote, On 2009-03-20 10:18: > > Dear all, > > > > I have configure a reverse proxy with client certificate validation. > > > > When accessing the site using firefox, firefox first asks the user to > > select the certificate to authenticate as it should

Re: AIA CA issuers. Re: client certificates unusable?

2009-03-23 Thread Eddy Nigg
On 03/23/2009 08:13 PM, Nelson B Bolyard: Perhaps PSM should have a feature, used at cert import time, that discovers that the chain is incomplete and offers, at that time, to go and fetch the missing certs in the chain via AIA. Could this be a solution which could be applied to Firefox as w

Re: Summing it up. Re: client certificates unusable?

2009-03-23 Thread Nelson B Bolyard
Eddy Nigg wrote, On 2009-03-23 08:30: > On 03/23/2009 06:29 AM, Nelson B Bolyard: >> 1) When the user downloaded his new email cert in his browser, he didn't >> get the full chain, but only got his own cert. So, he didn't have the >> complete cert chain in his browser when he exported it to a PKCS

Re: AIA CA issuers. Re: client certificates unusable?

2009-03-23 Thread Nelson B Bolyard
Anders Rundgren wrote, On 2009-03-23 08:19: > In theory TLS path-building could be addressed by server-admins. Yes, they could do that in their roles as Subject parties and as Relying parties. I'd definitely recommend the former. The latter may be a good alternative to AIA because it would avoid

Re: Summing it up. Re: client certificates unusable?

2009-03-23 Thread Eddy Nigg
On 03/23/2009 07:18 PM, Kaspar Brand: That's not true - neither from my experience with Firefox nor from looking at the code: nsPKCS12Blob::ExportToFile calls SEC_PKCS12AddCertAndKey: Correction! I've created new profiles both on Firefox and on Thunderbird. And indeed Firefox backs up t

Re: TC TrustCenter Root Inclusion Request

2009-03-23 Thread Rolf Lindemann
Hi, Here is our statement regarding the SubordinateCA checklist requirements: There are only two subordinate CAs issued by the root certificates related to this request. Both Sub-CAs are operated by a third party for internal use only. Regarding Sub-CA 1, which is chained to “TC Class 2 CA II” Be

Re: Summing it up. Re: client certificates unusable?

2009-03-23 Thread Kaspar Brand
Eddy Nigg wrote: >> The incomplete chain downloaded into Firefox is the problem that must be >> fixed. It's the most crucial. I don't know if it's entirely an issue >> in the CA (:-) or also partially in Firefox. >> > > Unfortunately Firefox DOES NOT include the chain in the PKCS12 file even

Re: Summing it up. Re: client certificates unusable?

2009-03-23 Thread Eddy Nigg
On 03/23/2009 06:29 AM, Nelson B Bolyard: 1) When the user downloaded his new email cert in his browser, he didn't get the full chain, but only got his own cert. So, he didn't have the complete cert chain in his browser when he exported it to a PKCS#12 file. If the cert chain had been complete i

AIA CA issuers. Re: client certificates unusable?

2009-03-23 Thread Anders Rundgren
In theory TLS path-building could be addressed by server-admins. Unfortunately practice shows that users (RPs) of third-party PKIs do not get informed by CAs when it is time to install a new immediate CA certificate because the brand (root) has expanded their issuing-customer base or when a s